Steve Beattie

This issue was assigned [CVE-2021-36411](https://nvd.nist.gov/vuln/detail/CVE-2021-36411).

This issue was assigned [CVE-2021-36409](https://nvd.nist.gov/vuln/detail/CVE-2021-36409).

This issue was assigned [CVE-2021-36408](https://nvd.nist.gov/vuln/detail/CVE-2021-36408).

This issue was assigned [CVE-2021-36410](https://nvd.nist.gov/vuln/detail/CVE-2021-36410).

@gVallverdu FYI, debian has been including your proposed fix since June 2023: https://salsa.debian.org/debichem-team/pymatgen/-/commit/dcba4226dfc59789070bd1f7aa40b953e7722651

Also, this really needs some end2end test cases added.

Odd, in my sudo build log, I'm not seeing the following step be run after the `uses: strip` bit: ``` - runs: | # sudo must be owned by root...

The qemu runner also does not keep fscaps (and likely not acls and xattrs as well). This can be seen by building the `fping` package which sets cap_net_raw on /usr/sbin/fping...

This is the result of two problems: 1. With the qemu runner, melange copies out from the VM the built artifacts using tar to the host OS. The invocation of...

After spending a bunch of time in the debugger trying to figure out why fscaps/extended security attributes weren't being passed along when the QEMU runner is used, I think I...